Impact
Cross-site scripting in the MantisBT LinkedCustomFields plugin allows JavaScript execution when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one.
Patches
See commit 30e5ae7
Fixed in release 2.0.1
Workarounds
MantisBT's default Content Security Policy blocks script execution.
References
#11